Brad here again, and I hope you’ve been able to get your XAMPP download and installed the package.
Lesson 4 is all about securing your new XAMPP installation.
You really need to change the password for the user “root” because once you open up your website to the outside world, anyone will be able to change, delete and otherwise muck around with your XAMPP installation. You don’t want that.
You should see a page entitled:
“Security console MySQL & XAMPP directory protection”
Update: Leon kindly posted a comment about not being able to login using phpmyadmin afterwards, so I decided to check out my localhost installation of XAMPP (using the above URL). Here’s the page I get:
Its written in German, so…. the best way to see it in your own language is to go to:
and click on your preferred language.
If you browse to the above page, you’ll see a report that outlines everything you need to secure.
Click the link at the bottom of the page – that’s
Enter a new password into the two text boxes. You’ll need this later on, so don’t forget it, and do make it something hard to guess. (I’m sure you know what to do with passwords – I don’t need to tell you how important they are.)
Next, tick the radio button marked “http” on the PHPMyAdmin authentification (!) option.
Next, ensure the Safe plain password in text file? checkbox is turned off.
Click the “Password changing” button.
You should now get a message to say that the root password was successfully changed, and a reminder to restart the mySQL service.
To do that, click Start, click Programs, click Apache Friends, click XAMPP, click XAMPP Control Panel if it isn’t already running.
Click the button marked “Stop” to the right of the mySQL service entry. Wait until it says “Start”, then click it again. You’ve now restarted the mySQL database with a new password. Whenever you need to do any database administration in the future, remember to use the new password you entered above.
In the second section, entitled:
XAMPP DIRECTORY PROTECTION (.htaccess)
enter a usename and password to protect the main XAMPP folder.
Ensure the “Safe plain password in text file?” option is turned off.
Click the “Make safe the XAMPP directory” button.
All done! If it was all successful, you should see a page like this:
Administration of your XAMPP installation from now on:
Accessing the mySQL server database (lots of open source software, which we’ll be running under XAMPP, uses mySQL as their database) is as simple as appending “phpmyadmin” after your domain name (or localhost if running locally, which you would be at the moment unless you’ve gone a few steps ahead of the rest of us!)
The URL to get to your phpMyAdmin interface will be:
A standard Windows dialog box will appear – enter the username and password you entered in the steps above. You should now see your phpMyAdmin web interface. Don’t worry so much about it at the moment, but that’s how you need to access it later on.
Remember to restart the mySQL server before trying to log back in.
That’s about it for this lesson.
Please give me some feedback – too slow, too fast, unsure of what’s going on?
I’m here to hep you – please don’t hesitate to ask for assistance.
Lesson 5 – Create a domain name is going to be a beauty!
Update Jan 2012.
(Yes, I know – a long time between drinks! )
A few people have contacted me wanting to know more about securing XAMPP, so here are a few more resources you might want to have a look at:
Make XAMPP Secure – Robs Notebook
Secure XAMPP – Apache Friends
How-To Secure XAMPP from localhost – DevShed
The Basics of XAMPP security – the Excruciatingly Correct Guide
Securing Your XAMPP – The Truth of the Matter
Are there any other resources that you’ve found? Please share them!